Re: [OE-core] [PATCH V3] glibc: stable 2.38 branch updates.
On Tue, 2023-10-03 at 21:05 +0100, Richard Purdie via lists.openembedded.org wrote: > On Mon, 2023-10-02 at 20:09 -0700, Hemraj, Deepthi via > lists.openembedded.org wrote: > > From: Deepthi Hemraj > > > > Below commits on glibc-2.38 stable branch are updated. > > 0e1ef6779a (HEAD -> release/2.38/master, origin/release/2.38/master) > > manual/jobs.texi: Add missing @item EPERM for getpgid > > d94461bb86 string: Fix tester build with fortify enable with gcc < 12 > > 63250e9c57 iconv: restore verbosity with unrecognized encoding names (bug > > 30694) > > 00ae4f10b5 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) > > b25508dd77 CVE-2023-4527: Stack read overflow with large TCP responses in > > no- mode > > 89da8bc588 NEWS: Add the 2.38.1 bug list > > d3ba6c1333 elf: Move l_init_called_next to old place of l_text_end in link > > map > > 750f19526a elf: Remove unused l_text_end field from struct link_map > > a3189f66a5 elf: Always call destructors in reverse constructor order (bug > > 30785) > > 7ae211a01b elf: Do not run constructors for proxy objects > > 92201f16cb libio: Fix oversized __io_vtables > > 5bdef6f27c io: Fix record locking contants for powerpc64 with > > __USE_FILE_OFFSET64 > > > > 0024-CVE-2023-4527.patch is dropped > > > > Signed-off-by: Deepthi Hemraj > > --- > > meta/recipes-core/glibc/glibc-version.inc | 2 +- > > .../glibc/glibc/0024-CVE-2023-4527.patch | 219 -- > > meta/recipes-core/glibc/glibc_2.38.bb | 1 - > > 3 files changed, 1 insertion(+), 221 deletions(-) > > delete mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch > > I suspect that as well we deleting the patch, you need to add something > like: > > CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" > > otherwise we'll see CVEs reported against this again? > > There may be other CVEs which need adding too? Since there appears to be a serious glibc issue we need to patch, I've gone ahead and added an update on top of this patch to pull in the new urgent pieces and set the CVE_STATUS accordingly. Please follow up with an additional patch for any other CVE_STATUS pieces I didn't cover. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188664): https://lists.openembedded.org/g/openembedded-core/message/188664 Mute This Topic: https://lists.openembedded.org/mt/101727838/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH V3] glibc: stable 2.38 branch updates.
On Mon, 2023-10-02 at 20:09 -0700, Hemraj, Deepthi via lists.openembedded.org wrote: > From: Deepthi Hemraj > > Below commits on glibc-2.38 stable branch are updated. > 0e1ef6779a (HEAD -> release/2.38/master, origin/release/2.38/master) > manual/jobs.texi: Add missing @item EPERM for getpgid > d94461bb86 string: Fix tester build with fortify enable with gcc < 12 > 63250e9c57 iconv: restore verbosity with unrecognized encoding names (bug > 30694) > 00ae4f10b5 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) > b25508dd77 CVE-2023-4527: Stack read overflow with large TCP responses in > no- mode > 89da8bc588 NEWS: Add the 2.38.1 bug list > d3ba6c1333 elf: Move l_init_called_next to old place of l_text_end in link map > 750f19526a elf: Remove unused l_text_end field from struct link_map > a3189f66a5 elf: Always call destructors in reverse constructor order (bug > 30785) > 7ae211a01b elf: Do not run constructors for proxy objects > 92201f16cb libio: Fix oversized __io_vtables > 5bdef6f27c io: Fix record locking contants for powerpc64 with > __USE_FILE_OFFSET64 > > 0024-CVE-2023-4527.patch is dropped > > Signed-off-by: Deepthi Hemraj > --- > meta/recipes-core/glibc/glibc-version.inc | 2 +- > .../glibc/glibc/0024-CVE-2023-4527.patch | 219 -- > meta/recipes-core/glibc/glibc_2.38.bb | 1 - > 3 files changed, 1 insertion(+), 221 deletions(-) > delete mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch I suspect that as well we deleting the patch, you need to add something like: CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" otherwise we'll see CVEs reported against this again? There may be other CVEs which need adding too? Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188661): https://lists.openembedded.org/g/openembedded-core/message/188661 Mute This Topic: https://lists.openembedded.org/mt/101727838/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH V3] glibc: stable 2.38 branch updates.
On 2023-10-03 1:34 a.m., Deepthi.Hemraj via lists.openembedded.org wrote: Regression testing is done and below are the test results. Before glibc update Summary of test results: 213 FAIL 4805 PASS 16 XFAIL 4 XPASS 218 UNSUPPORTED After glibc update Summary of test results: 216 FAIL 4805 PASS 16 XFAIL 4 XPASS 218 UNSUPPORTED These are the newly added test cases Thanks for the update, summary and initial analysis. PASS: io/tst-fcntl-lock-lfs FAIL: nss/tst-nss-gai-hv2-canonname It's a little odd that a new test case is failing. Is this reproducible? Is there a bug reported upstream or discussed on an email list? PASS: resolv/tst-resolv-no-vc And below are new failures FAIL: nptl/tst-thread-affinity-sched FAIL: malloc/tst-malloc_info-malloc-check Are these reproducible? Is there a bug reported upstream? Please do some additional analysis of the failures including whether they only happen in a bitbake build and report back here so we can decide how to proceed. Thanks again Deepthi, ../Randy -- # Randy MacLeod # Wind River Linux -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188638): https://lists.openembedded.org/g/openembedded-core/message/188638 Mute This Topic: https://lists.openembedded.org/mt/101727838/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH V3] glibc: stable 2.38 branch updates.
Regression testing is done and below are the test results. Before glibc update Summary of test results: 213 FAIL 4805 PASS 16 XFAIL 4 XPASS 218 UNSUPPORTED After glibc update Summary of test results: 216 FAIL 4805 PASS 16 XFAIL 4 XPASS 218 UNSUPPORTED These are the newly added test cases PASS: io/tst-fcntl-lock-lfs FAIL: nss/tst-nss-gai-hv2-canonname PASS: resolv/tst-resolv-no-vc And below are new failures FAIL: nptl/tst-thread-affinity-sched FAIL: malloc/tst-malloc_info-malloc-check -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188623): https://lists.openembedded.org/g/openembedded-core/message/188623 Mute This Topic: https://lists.openembedded.org/mt/101727838/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH V3] glibc: stable 2.38 branch updates.
From: Deepthi Hemraj
Below commits on glibc-2.38 stable branch are updated.
0e1ef6779a (HEAD -> release/2.38/master, origin/release/2.38/master)
manual/jobs.texi: Add missing @item EPERM for getpgid
d94461bb86 string: Fix tester build with fortify enable with gcc < 12
63250e9c57 iconv: restore verbosity with unrecognized encoding names (bug 30694)
00ae4f10b5 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
b25508dd77 CVE-2023-4527: Stack read overflow with large TCP responses in
no- mode
89da8bc588 NEWS: Add the 2.38.1 bug list
d3ba6c1333 elf: Move l_init_called_next to old place of l_text_end in link map
750f19526a elf: Remove unused l_text_end field from struct link_map
a3189f66a5 elf: Always call destructors in reverse constructor order (bug 30785)
7ae211a01b elf: Do not run constructors for proxy objects
92201f16cb libio: Fix oversized __io_vtables
5bdef6f27c io: Fix record locking contants for powerpc64 with
__USE_FILE_OFFSET64
0024-CVE-2023-4527.patch is dropped
Signed-off-by: Deepthi Hemraj
---
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../glibc/glibc/0024-CVE-2023-4527.patch | 219 --
meta/recipes-core/glibc/glibc_2.38.bb | 1 -
3 files changed, 1 insertion(+), 221 deletions(-)
delete mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch
diff --git a/meta/recipes-core/glibc/glibc-version.inc
b/meta/recipes-core/glibc/glibc-version.inc
index a907444f50..f5ebbb2ee6 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.38/master"
PV = "2.38+git"
-SRCREV_glibc ?= "1aed90c9c8f8be9f68b58e96b6e4cd0fc08eb2b1"
+SRCREV_glibc ?= "0e1ef6779a90bc0f8a05bc367796df2793deecaa"
SRCREV_localedef ?= "e0eca29583b9e0f62645c4316ced93cf4e4e26e1"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
diff --git a/meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch
b/meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch
deleted file mode 100644
index 7d9adf6a66..00
--- a/meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-From 4ea972b7edd7e36610e8cde18bf7a8149d7bac4f Mon Sep 17 00:00:00 2001
-From: Florian Weimer
-Date: Wed, 13 Sep 2023 14:10:56 +0200
-Subject: [PATCH] CVE-2023-4527: Stack read overflow with large TCP responses
- in no- mode
-
-Without passing alt_dns_packet_buffer, __res_context_search can only
-store 2048 bytes (what fits into dns_packet_buffer). However,
-the function returns the total packet size, and the subsequent
-DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
-of the stack-allocated buffer.
-
-Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-
-stub resolver option") and bug 30842.
-
-(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d)
-
-Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f]
-CVE: CVE-2023-4527
-
-Signed-off-by: Yash Shinde
-
- NEWS | 7 ++
- resolv/Makefile | 2 +
- resolv/nss_dns/dns-host.c | 2 +-
- resolv/tst-resolv-no-vc.c | 129 ++
- 4 files changed, 139 insertions(+), 1 deletion(-)
- create mode 100644 resolv/tst-resolv-no-vc.c
-
-diff --git a/NEWS b/NEWS
a/NEWS
-+++ b/NEWS
-@@ -126,6 +126,7 @@
- [30477] libc: [RISCV]: time64 does not work on riscv32
- [30515] dynamic-link: _dl_find_object incorrectly returns 1 during
- early startup
-+ [30842] Stack read overflow in getaddrinfo in no- mode (CVE-2023-4527)
- [30527] network: resolv_conf lock not unlocked on allocation failure
- [30550] math: powerpc64le: GCC-specific code for isinf() is being used
- on clang
-@@ -157,6 +158,12 @@
- heap and prints it to the target log file, potentially revealing a
- portion of the contents of the heap.
-
-+ CVE-2023-4527: If the system is configured in no- mode via
-+ /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
-+ family, and a DNS response is received over TCP that is larger than
-+ 2048 bytes, getaddrinfo may potentially disclose stack contents via
-+ the returned address data, or crash.
-+
- The following bugs are resolved with this release:
-
- [12154] network: Cannot resolve hosts which have wildcard aliases
-diff --git a/resolv/Makefile b/resolv/Makefile
a/resolv/Makefile
-+++ b/resolv/Makefile
-@@ -102,6 +102,7 @@
- tst-resolv-invalid-cname \
- tst-resolv-network \
- tst-resolv-no \
-+ tst-resolv-no-vc \
- tst-resolv-nondecimal \
- tst-resolv-res_init-multi \
- tst-resolv-search \
-@@ -293,6 +294,7 @@
- $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \
- $(shared-thread-library)
- $(objpfx)tst-resolv-no: $(objpfx)libresolv.so $(shared-thread-library)
-+$(objpfx)tst-resolv-no-vc: $(objpfx)libresolv.so
